Sometimes the only good thing you can say about a month is that it’s over. Just ask Estes Express, which spent much of October recovering from an especially wicked and widespread cyberattack.
Like AFS, you probably watched the story unfold in real time since the news of it broke while many of us were at CSCMP Edge, and each chapter was extensively covered by the industry trades.
The question is, what have you done since then? Because based on the scope, duration and ultimately successful resolution of this latest supply chain cyber disaster, there are a lot of important lessons that all of us could stand to learn – and that we should begin to apply ASAP.
Lesson One: Pessimism Pays
Since we just celebrated Halloween, let’s start by addressing the scary fact that cyber security tools, no matter how advanced, aren’t always enough to protect your company from a cyberattack.
The folks at Estes were undeniably realistic about this, which is why they already had a detailed and extensively tested cyber contingency plan in place.
If your company has a similar plan – and it should – now’s the time to revisit it in light of the challenges and roadblocks you saw Estes grapple with over the past month. The specifics of their experience offer one of the most updated keys to the cyber emergency preparedness test there is.
Did any of the functions that were disabled as a result of the Estes cyberattack surprise you? Could you have weathered an extensive outage that lasted as long as theirs did? Or does your current plan only account for being partially offline for a few days at most? Furthermore, would your company have a comparable ability to quickly deploy alternative methods of getting your day-to-day work completed?
Use your answers to those questions (and more) to build an even better and stronger plan than the one you had in place a month or two ago. Then take the time to test and refine it with the help of tools like supply chain simulations.
Lesson Two: Sometimes Throwback = Fallback
We live in a world where new is usually considered to be better – and where all roads lead to digital transformation. But what happens when new-and-improved suddenly becomes new-and-impaired?
In many cases, the best solution could involve looking in the rear-view mirror and taking a trip down old school lane – as Estes did when it temporarily reverted to paper-based, manual processes like employing hard copies of Bills of Lading.
While these throwback solutions weren’t sexy, they were effective enough to keep freight moving through Estes’ system when their systems situation was at its most dire – and when push comes to shove, that’s what counted most.
Remember that example as your company moves forward with its own digital and automation journey, bearing in mind that even though it may be tempting to toss out your older, less sophisticated SOPs once more advanced ones are in place, it’s not necessarily wise. In the long run, the reliability they offer could wind up being one of the most agile Plan Bs you have.
Lesson Three: Your Cyber Security Budget Should Grow Faster Than Your IT Budget
Here’s another scary thought: Each time a business like Estes digitizes another business activity (and it had recently done so with quite a few) it significantly increases its cyber risk, perhaps exponentially so.
Freightwaves observed as much when it wrote this after a 2021 cyberattack on another industry leader: “The digital renaissance that has swept across transportation and logistics companies has been a good thing for . . . supply chain connectivity and visibility” but a potentially bad thing for cybersecurity because, “companies can end up introducing vulnerabilities if they’re not careful.” In fact, one industry executive who was interviewed for that story went so far as to say that, “every digital transformation a company puts in place is a potential security incident.”
While this added risk shouldn’t deter your business from pursuing digital progress, it should inspire you to make sure that any plans you have for digital expansion come complete with plans for even more substantial cyber security upgrades, even if it means spending a bit less on the former. Otherwise, you could be opening the door to becoming the next cautionary tale.
Lesson Four: We’re All In This Together
On a final note, let’s take a moment to focus on all of the things that Estes and the industry as a whole did well during this crisis, because there were a myriad.
For its part, Estes did an excellent job of using alternate channels to facilitate two-way communications with its customers including setting up a form on X (formerly Twitter) and using employees’ personal cell phones to convey important information. It also was extremely proactive in sharing the latest updates with customers and the public at large via X, YouTube, the industry trades and other non-company channels. And it was spot-on in terms of figuring out the timeline of which systems to bring back online first.
The industry’s other LTLs stepped up to the plate by being willing and able to absorb some of Estes’ freight volumes without, in most cases, resorting to opportunistic pricing.
And the media and other industry players refrained from piling on and kicking a company when it was down – and rightfully so. After all, as our industry becomes increasingly digitized, incidents like this are likely to become far more common and far more likely to happen to just about anyone. Which is all the more reason for all of us to continue addressing this issue (and its possible solutions) collaboratively rather than competitively.
On behalf of all of us at AFS, thank you for letting us talk turkey with you about this and so many other tough subjects this year. Feel free to give us a call at 318.798.21111 about this issue and any others that could affect your long-term LTL spend, and happiest of Thanksgivings from our company to yours.